Survey Says: Soft Skills Highly Valued by Security Team

Continuing the discussion around the skills gap our industry is facing, I’m excited to share our final set of results from the Tripwire skills gap survey. My previous post highlighted the need for technical skills. But as this next set of findings indicates, soft skills in cybersecurity are not be overlooked.

Every single participant in our survey said they believe soft skills are important when hiring for their security teams. Which ones? When asked to select which skills were most important, these were the most selected:

“Analytical thinker” (selected by 65 percent)

“Good communicator” (60 percent)

“Troubleshooter” (59 percent).

“Strong integrity and ethical behaviour” and “Ability to work under pressure” (tied at 58 percent)

“The cybersecurity industry should not overlook the soft skills that are needed to build a strong security program,” said Tim Erlin, vice president of product management and strategy at Tripwire. “The reality is that today’s security pros need to go beyond technical expertise. Security practitioners need to be good communicators who can connect cybersecurity issues to business priorities, rally the rest of the organization to get involved, solve tough problems and handle sensitive issues with integrity.”

Seventy-two percent of participants said the need for soft skills has increased in the last two years. Some (21 percent) actually said soft skills are MORE important than technical skills when hiring staff. Additionally, 17 percent expect to hire people without security-specific expertise over the next two years. With that in mind, the skillset for tomorrow’s security team my look quite different than today.

Security teams will also be counting on other parts of the organization to pitch in. Nearly all respondents (98 percent) believe non-security functions need to be more involved in cybersecurity in the future. Of those, 74 percent said IT operations needs to be more involved, 60 percent said risk management, 53 percent said compliance, and 45 percent said legal needs to be brought into the fold. Other mentions included human resources (32 percent) and marketing (11 percent).

Erlin added:

“With security-related regulations like GDPR on the rise, it’s unsurprising that respondents expect their legal and compliance teams to get more involved in cybersecurity. It’s become increasingly apparent that security is a shared responsibility, even for those without any technical cybersecurity experience. Employees from other functions can partner with their security teams to help them look at issues from different perspectives, help further the broader organization’s understanding of cybersecurity, and help enforce best security practices across the organization.”

As we’ve seen from our 2017 skills gap survey results, we can expect security teams to look and work differently going forward. That said, the mission stays the same. As the workforce evolves and changes, the rise in cyber threats remains a constant. Through this transition, organizations will need to remain focused on minimizing cyber risk, and that may involve some innovative new way to do so.

For a full summary of all the skills gap survey findings discussed across these three blog posts, please check out the graphic below!